Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

The dictionary used to be a very different book, meant for much more than listing definitions.

From the blog post linked below:"The first thing you’ll notice is that the example sentences don’t sound like they came out of a DMV training manual (“the lights started flashing”) — they come from Milton and Shakespeare and Tennyson (“A thought flashed through me, which I clothed in act”)."

After reading James Somers' post about adding the 1913 Webster's dictionary to his system I gave it a try. The old dictionary sometimes has archaic definitions but is generally much more useful and even entertaining to use.

If you've got lots of plugins for Chrome, try disabling most or all of them and see if that makes a difference. Plugins run in the same process as the browser and can add JS code to 'background' pages that are present in memory even when you're not interacting with the plugin.

Google published a remote desktop plugin for the Chrome browser. It's not Open Source, but it is free (as in beer), and professionally written installation / setup instructions are available in multiple languages.

Actual remote access for you will be controlled by the user, they create a one-time passkey in Chrome and share that with you to connect to their system.

"The National Rifle Association has launched a website defending the use of lead ammunition against scientists and environmental organizations..."

Okay then, at least they didn't defend the use of water boarding on scientists. Oh wait, I totally parsed that wrong due to my inherent bias against anything coming from the NRA. So, I checked the link and saw that it goes to a site "huntfortruth.org" (so you can kill it). Dang! There goes that inbuilt sarcasm again.

So the guy figured out that browsers render all links on a page and then reflow any that should by styled to indicate they have already been visited. Apparently you can figure out which links have been reflowed by checking the number of frames that have to be rendered to display a link. Not a big deal, and if your site uses the same style for links that are already visited, not an actual attack vector.

The second attack, using SVG (or, I assume) canvas to create a screenshot of what's visible to the end user could be leveraged for an actual attack, you know, if everyone didn't put iframe busting code on their pages served over SSL. Vendors can update the SVG rendering system to adhere to the same cross domain restrictions as other components and not include pixels from iframes in the buffer that is available to inspect via JS and this hole will be closed.

Not too much to worry about here, but I'm surprised that SVG doesn't already do this (canvas won't allow JS to work with cross-domain images unless they have been served with a header that marks them as "safe" according to their originating service).

Use JS for libraries that are shared between client & server (e.g. HTML templating) and for logic that changes frequently or needs to be accessible to dedicated front-end devs (e.g. request routing). Use compiled C for code that needs to be extremely fast &/or robust (e.g authentication & creation of dynamic resources).

well, it's not true really. In the following example x will have global scope and y will be local to its function:

x=2;function test() {

y = x + 3;}

--

The declaration of the variable 'y' in the example is missing its keyword 'var' and will unintentionally create a globally scoped variable.Should be:var x = 2;function test(){var y;y = x + 3;// could also place the var statement inline with assignment operator}console.log(x);// prints 2 to the JS consoleconsole.log(typeof y);// prints 'undefined' to the JS console

- well, there is the keyword "inherits" and it does allow an object to be extended and you can use the 'prototype' to have multiple inheritance.

The prototype inheritance pattern doesn't allow for true multiple inheritance (like what C++ has). However, you can fake it by munging functions from multiple classes into your class' prototype effectively providing the functionality of multiple inheritance in simple cases.

This may be what Fairpoint is doing to give users access through their branded portal. These same APIs mean that any user can implement their own non-Fairpoint approved access mechanism for their webmail.

It may not be a solution for all users, but at least yahoo's opened up enough that there are options available in the case of abusive network access providers.